Comment on AXA stops writing cyber-insurance policies that reimburse ransomware victims in France
May 2021 by Experts
Following the news that, in an apparent industry first, the global insurance company AXA says it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to cyber criminals, cyber security experts from ThycoticCentrify and Censornet have commented as follows.
Joseph Carson, Chief Security Scientist at ThycoticCentrify:
“We need to make it more difficult for cybercriminals, especially ransomware criminals, to be successful, and AXA has made a significant step in the right direction. In the past year I have seen an increase in ransomware victims, whether it be a business that lost an entire year’s worth of digital data or citizens who lost their entire digital life, so we must do what we can to reduce the success of ransomware. In recent years we have seen cyber insurance on the rise, with some insurance companies even negotiating with the cybercriminals for a discount; however, this is just making ransomware crime more lucrative and successful for the criminals.
We must educate companies and citizens on how to reduce the risks and become more resilient so that paying a ransom is not even an option to consider. AXA insurance have taken a step in the right direction in France by refusing to write cyber-insurance policies that would reimburse victims who fund future crime through ransomware payments. It is also important to note that the recent cyber research by CyberEdge showed that most victims who pay the ransom are unsuccessful in getting their data recovered.”
Richard Walters, CTO at Censornet:
"Cyber insurance can offset the risk posed by cyber attacks and is intended to offer organisations reassurance that the costs of a breach will be picked up. However, it’s very hard to count the true cost of a breach. If a company’s private data is hacked and leaked, it suffers an immediate financial hit which can be mitigated by insurance. But the long-term reputational damage is almost impossible to estimate. Lose your customers’ trust once and you may never get it back.
By refusing to pay out claims for extortion payments, AXA is taking a hard stance. But this approach is unlikely to deter ransomware gangs. Faced with extortion, many organisations will opt to pay the ransom rather than risk the reputational and financial damage. That’s not going to change.
Hackers will continue to use ransomware to target their victims for as long as it is profitable, so something radical needs to happen in order to break this cycle."